SYM_JAVA_0141 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| OWASP | A5:2017 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code builds a filesystem path from a value taken directly from an HTTP path parameter, without canonicalizing it or checking that the resolved path still lies inside the intended directory. An attacker can supply traversal sequences such as `../` (or an absolute path, which `Path.resolve` accepts as-is) so that the resolved path points outside that directory and the application operates on files it was never meant to expose.
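The following Java snippet is an added illustration and not code from the database entry: it places the vulnerable pattern described above beside a hardened version that normalizes the joined path and verifies it is still under the base directory. The base directory `/srv/app/public`, the class and method names, and the sample parameters are assumptions for the example, which also assumes a POSIX filesystem.

```java
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class PathParamResolver {

    // Hypothetical directory the endpoint is meant to serve files from (an assumption for this example).
    private static final Path BASE_DIR = Paths.get("/srv/app/public").toAbsolutePath().normalize();

    // Vulnerable pattern: the HTTP path parameter is joined to the base directory as-is.
    // "../../etc/passwd" ends up pointing at /srv/etc/passwd once the OS resolves it, and an
    // absolute parameter such as "/etc/passwd" replaces the base directory entirely, because
    // Path.resolve returns its argument unchanged when that argument is absolute.
    static Path resolveUnsafe(String pathParam) {
        return BASE_DIR.resolve(pathParam);
    }

    // Hardened pattern: normalize the joined path (collapses "." and "..") and then check that
    // the result is still under BASE_DIR. Path.startsWith compares whole name elements, so a
    // sibling such as /srv/app/public2 is rejected, which a String prefix check on the path
    // text would wrongly accept.
    static Path resolveSafe(String pathParam) {
        final Path candidate;
        try {
            candidate = BASE_DIR.resolve(pathParam).normalize();
        } catch (InvalidPathException e) {
            // e.g. an embedded NUL byte in the parameter
            throw new IllegalArgumentException("invalid path parameter", e);
        }
        if (!candidate.startsWith(BASE_DIR)) {
            throw new IllegalArgumentException("path parameter escapes the base directory: " + pathParam);
        }
        return candidate;
    }

    // When the target is expected to exist, toRealPath() additionally follows symlinks, so a
    // link inside BASE_DIR that points outside it is rejected too. Both sides are resolved to
    // their real paths so the comparison is made on the same view of the filesystem.
    static Path resolveSafeReal(String pathParam) throws IOException {
        Path real = resolveSafe(pathParam).toRealPath();
        if (!real.startsWith(BASE_DIR.toRealPath())) {
            throw new IllegalArgumentException("symlink escapes the base directory: " + pathParam);
        }
        return real;
    }

    public static void main(String[] args) {
        // Constructed sample parameters: one legitimate request and three traversal attempts.
        // Servlet containers URL-decode the request path once before the application sees it;
        // the check above runs on that decoded value and must not decode it a second time.
        String[] samples = {
            "reports/q1.txt",
            "../../etc/passwd",
            "reports/../../../etc/shadow",
            "/etc/passwd"
        };
        for (String p : samples) {
            System.out.println("param:  " + p);
            System.out.println("unsafe: " + resolveUnsafe(p).normalize());
            try {
                System.out.println("safe:   " + resolveSafe(p));
            } catch (IllegalArgumentException e) {
                System.out.println("safe:   rejected (" + e.getMessage() + ")");
            }
            System.out.println();
        }
    }
}
```

The containment check has to run on the normalized path, not on the raw parameter: rejecting the literal substring `..` misses absolute paths and is easy to get wrong, while normalizing first and then comparing name elements with `Path.startsWith` covers both cases with one rule.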
Impact
An attacker could exploit this to read, modify, or delete files on the server outside the intended directory, potentially exposing confidential data (configuration files, credentials, source code) or disrupting application functionality. Which files are reachable, and whether they can be altered rather than only read, depends on the filesystem permissions of the account the application runs as and on which operations the endpoint performs on the resolved path.